FeMiner WMS SQL Injection Vulnerability in inquire_inout_item.php Component

A SQL injection vulnerability has been identified in FeMiner WMS version 1.0. This vulnerability allows remote attackers to access sensitive information by injecting malicious SQL into the 'id' parameter of the 'inquire_inout_item.php' component. The vulnerability arises from improper input validation, which allows attackers to manipulate SQL queries and potentially extract data from the database.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

The vulnerability can be reproduced by sending a request to 'inquire_inout_item.php' with a crafted 'id' parameter that includes SQL injection payloads. This can be done using a tool like SQLMap, targeting different 'option' values such as 'type', 'receipt', and 'item'.